Browse 2,886+ CVEs from NVD & CNNVD with AI-powered analysis, AI-generated PoCs, KEV/EPSS tracking, and daily security intelligence. Filter by vendor, product, severity, or CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-44719 | Mathesar: Missing collaborator checks allowed access to database-scoped Mathesar metadata | mathesar-foundation | mathesar | - | - | 2026-05-15 18:24:55 | Deep Dive |
| CVE-2026-44718 | Mathesar: Missing collaborator checks allowed access to saved explorations in other databases | mathesar-foundation | mathesar | - | - | 2026-05-15 18:23:11 | Deep Dive |
| CVE-2026-35194 | Apache Flink: Remote code execution via SQL injection in code generation | Apache Software Foundation | Apache Flink | - | - | 2026-05-15 15:27:27 | Deep Dive |
| CVE-2026-45205 | Apache Commons Configuration: StackOverflowError for YAML input with cycles | Apache Software Foundation | Apache Commons Configuration | - | - | 2026-05-14 11:22:44 | Deep Dive |
| CVE-2026-8328 | FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address | Python Software Foundation | CPython | - | - | 2026-05-13 20:14:34 | Deep Dive |
| CVE-2026-0242 | Trust Protection Foundation: SQL Injection Vulnerability | Palo Alto Networks | Trust Protection Foundation | - | - | 2026-05-13 19:04:53 | Deep Dive |
| CVE-2026-0241 | Trust Protection Foundation: Multiple Authorization Bypass Vulnerabilities | Palo Alto Networks | Trust Protection Foundation | - | - | 2026-05-13 19:01:24 | Deep Dive |
| CVE-2026-0240 | Trust Protection Foundation: Sensitive Information Disclosure Vulnerability | Palo Alto Networks | Trust Protection Foundation | - | - | 2026-05-13 18:54:07 | Deep Dive |
| CVE-2026-43515 | Apache Tomcat: Security constraints not correctly applied | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:33:23 | Deep Dive |
| CVE-2026-43514 | Apache Tomcat: AJP secret compared in non-constant time | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:32:10 | Deep Dive |
| CVE-2026-43513 | Apache Tomcat: LockOutRealm treats user names as case-sensitive | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:26:26 | Deep Dive |
| CVE-2026-43512 | Apache Tomcat: Digest authenticator will authenticate any unknown user | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:24:02 | Deep Dive |
| CVE-2026-41293 | Apache Tomcat: HTTP/2 request headers not validated | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:19:35 | Deep Dive |
| CVE-2026-42498 | Apache Tomcat: WebSocket authentication header exposure | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:17:57 | Deep Dive |
| CVE-2026-41284 | Apache Tomcat: Unbounded read in WebDAV LOCK and PROPFIND handling | Apache Software Foundation | Apache Tomcat | - | - | 2026-05-12 15:14:45 | Deep Dive |
| CVE-2026-7210 | The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection | Python Software Foundation | CPython | - | - | 2026-05-11 17:19:10 | Deep Dive |
| CVE-2026-5266 | Wikimedia Echo 信息泄露漏洞 | Wikimedia Foundation | Echo | - | - | 2026-05-11 16:55:55 | Deep Dive |
| CVE-2026-34095 | action=raw with Special:Mypage subpage title responds with "Content-Type: text/html" on ctype=text/javascript request | Wikimedia Foundation | MediaWiki | - | - | 2026-05-11 16:53:25 | Deep Dive |
| CVE-2026-34094 | Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix | Wikimedia Foundation | MediaWiki | - | - | 2026-05-11 16:50:47 | Deep Dive |
| CVE-2026-34093 | Special:UserRights allows viewing user rights from private wiki | Wikimedia Foundation | MediaWiki | - | - | 2026-05-11 16:48:19 | Deep Dive |